Bug 876726
| Summary: | User profile page shows raw HTML | | |
|---|---|---|---|
| Product: | OKD | Reporter: | Alexander Todorov <atodorov> |
| Component: | Website | Assignee: | Clayton Coleman <ccoleman> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | libra bugs <libra-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 2.x | CC: | yujzhang |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-12-19 19:25:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Alexander Todorov
2012-11-14 19:38:52 UTC
User profile doesn't support HTML

Re-opening. I'm not inserting HTML into any of the fields. See screenshots.

Created attachment 645486 [details]
Profile page showing raw HTML

Created attachment 645487 [details]
Editing my profile - no HTML present

In Drupal, any field presented to the user as a textarea is assumed to be formatted according to the default input format (in this case, our default is markdown+some inline HTML, properly sanitized). In the UI, we should strip tags everywhere except the about me page, and on the about me page we should follow the normal sanitization rules.

I made it so that every view that shows these attributes strips HTML, and removed some of the edge case checking that was unnecessary.

Fixed in: https://github.com/openshift/li/pull/626

(In reply to comment #5)
Tested on devenv_2485, profile content will be displayed correctly without raw HTML, thanks.